Symptoms

+ The generated server trace file for 28033 event trace indicates the following error. The returned ldap error 50 is "insufficient search privileges".

In the example considered here,

"dc=gcs,dc=com" is the default admin context for DB registration with OID,"cn=OracleDBSecurity,cn=Products,cn=OracleContext,dc=gcs,dc=com" is the baseDN and"cn=testdb,cn=OracleContext,dc=gcs,dc=com" is the database DN which would be the bind user DN performing the search with respect to OID

+ The command line ldapsearch with a similar subtree search on the baseDN by cn=orcladmin (administrator DN) displays only entry level browse permission and no attribute level access for the database DN.